Note: As shown in above example RSA-keys can currently be given instead of a consumer-secret (public-key for oauthsign, private-key for oauthverify). This is going to change. Future versions may use –rsa-private, –rsa-public and also provide for reading the key from file.

oauthverify is the counter-part and very similar to oauthsign: It parses all request-parameters (those appended to the URL after a '?' and the ones given to oauthverify with -d command line option) one of which must be the oauth_signature to verify.

To recalculate the signature the consumer (and token) secrets must be specified (fi. -C and -T) or read from file. If a consumer-key, token-key or signature-method is set (eg. -c or -t, -m), they're required to match the ones in the parsed request-parameters. You can use –erase-consumer-key etc. to relax such a requirement when reading tokens along with the secrets from a file.

If the signature is correct and if the consumer/token key matches the given parameters (if any) oauthverify exits with a status code indicating success and prints the parsed request-parameters formatted as POST parameters (more output options to come: –print0 or -0, JSON is the contender)

Note that oauthverify does not keep track of consumers, token-mappings, timestamps and nonce (never more than once) identifiers. If the signature matches it prints them for others to use.